Remote attack detection method in IDA: MLSI-based intrusion detection using discriminant analysis

M. Asaka; T. Onabura; T. Inoue; Shigeki Goto

doi:10.1109/SAINT.2002.994451

Remote attack detection method in IDA: MLSI-based intrusion detection using discriminant analysis

M. Asaka, T. Onabura, T. Inoue, Shigeki Goto

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

7 Citations (Scopus)

Abstract

In order to detect intrusions, IDA (Intrusion Detection Agent system) initially monitors system logs in order to discover an MLSI-which is an certain event which in many cases occurs during an intrusion. If an MLSI is found, then IDA judges whether the MLSI is accompanied by an intrusion. We adopt discriminant analysis to analyze information after IDA detects an MLSI in a remote attack. Discriminant analysis provides a classification function that allows IDA to separate intrusive activities from non-intrusive activities. Using discriminant analysis, we can detect intrusions by analyzing only a part of system calls occurring on a host machine, and we can determine whether an unknown sample is an intrusion. In this paper, we explain in detail how we perform discriminant analysis to detect intrusions, and evaluate the classification function. We also describe how to extract a sample from system logs, which is necessary to implement the discriminant analysis function in IDA.

Original language	English
Title of host publication	Proceedings - 2002 Symposium on Applications and the Internet, SAINT 2002
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	64-73
Number of pages	10
ISBN (Print)	0769514472, 9780769514475
DOIs	https://doi.org/10.1109/SAINT.2002.994451
Publication status	Published - 2002
Event	Symposium on Applications and the Internet, SAINT 2002 - Nara City, Japan Duration: 2002 Jan 28 → 2002 Feb 1

Other

Other	Symposium on Applications and the Internet, SAINT 2002
Country/Territory	Japan
City	Nara City
Period	02/1/28 → 02/2/1

Keywords

Internet
Intrusion detection

ASJC Scopus subject areas

Computer Networks and Communications
Computer Science Applications

Access to Document

10.1109/SAINT.2002.994451

Cite this

Remote attack detection method in IDA: MLSI-based intrusion detection using discriminant analysis. / Asaka, M.; Onabura, T.; Inoue, T. et al.
Proceedings - 2002 Symposium on Applications and the Internet, SAINT 2002. Institute of Electrical and Electronics Engineers Inc., 2002. p. 64-73 994451.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Asaka, M, Onabura, T, Inoue, T & Goto, S 2002, Remote attack detection method in IDA: MLSI-based intrusion detection using discriminant analysis. in Proceedings - 2002 Symposium on Applications and the Internet, SAINT 2002., 994451, Institute of Electrical and Electronics Engineers Inc., pp. 64-73, Symposium on Applications and the Internet, SAINT 2002, Nara City, Japan, 02/1/28. https://doi.org/10.1109/SAINT.2002.994451

@inproceedings{3a1f06d2443a4505b2d5c39080d54d9e,

title = "Remote attack detection method in IDA: MLSI-based intrusion detection using discriminant analysis",

abstract = "In order to detect intrusions, IDA (Intrusion Detection Agent system) initially monitors system logs in order to discover an MLSI-which is an certain event which in many cases occurs during an intrusion. If an MLSI is found, then IDA judges whether the MLSI is accompanied by an intrusion. We adopt discriminant analysis to analyze information after IDA detects an MLSI in a remote attack. Discriminant analysis provides a classification function that allows IDA to separate intrusive activities from non-intrusive activities. Using discriminant analysis, we can detect intrusions by analyzing only a part of system calls occurring on a host machine, and we can determine whether an unknown sample is an intrusion. In this paper, we explain in detail how we perform discriminant analysis to detect intrusions, and evaluate the classification function. We also describe how to extract a sample from system logs, which is necessary to implement the discriminant analysis function in IDA.",

keywords = "Internet, Intrusion detection",

author = "M. Asaka and T. Onabura and T. Inoue and Shigeki Goto",

year = "2002",

doi = "10.1109/SAINT.2002.994451",

language = "English",

isbn = "0769514472",

pages = "64--73",

booktitle = "Proceedings - 2002 Symposium on Applications and the Internet, SAINT 2002",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

note = "Symposium on Applications and the Internet, SAINT 2002 ; Conference date: 28-01-2002 Through 01-02-2002",

}

TY - GEN

T1 - Remote attack detection method in IDA

T2 - Symposium on Applications and the Internet, SAINT 2002

AU - Asaka, M.

AU - Onabura, T.

AU - Inoue, T.

AU - Goto, Shigeki

PY - 2002

Y1 - 2002

N2 - In order to detect intrusions, IDA (Intrusion Detection Agent system) initially monitors system logs in order to discover an MLSI-which is an certain event which in many cases occurs during an intrusion. If an MLSI is found, then IDA judges whether the MLSI is accompanied by an intrusion. We adopt discriminant analysis to analyze information after IDA detects an MLSI in a remote attack. Discriminant analysis provides a classification function that allows IDA to separate intrusive activities from non-intrusive activities. Using discriminant analysis, we can detect intrusions by analyzing only a part of system calls occurring on a host machine, and we can determine whether an unknown sample is an intrusion. In this paper, we explain in detail how we perform discriminant analysis to detect intrusions, and evaluate the classification function. We also describe how to extract a sample from system logs, which is necessary to implement the discriminant analysis function in IDA.

AB - In order to detect intrusions, IDA (Intrusion Detection Agent system) initially monitors system logs in order to discover an MLSI-which is an certain event which in many cases occurs during an intrusion. If an MLSI is found, then IDA judges whether the MLSI is accompanied by an intrusion. We adopt discriminant analysis to analyze information after IDA detects an MLSI in a remote attack. Discriminant analysis provides a classification function that allows IDA to separate intrusive activities from non-intrusive activities. Using discriminant analysis, we can detect intrusions by analyzing only a part of system calls occurring on a host machine, and we can determine whether an unknown sample is an intrusion. In this paper, we explain in detail how we perform discriminant analysis to detect intrusions, and evaluate the classification function. We also describe how to extract a sample from system logs, which is necessary to implement the discriminant analysis function in IDA.

KW - Internet

KW - Intrusion detection

UR - http://www.scopus.com/inward/record.url?scp=84950109260&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84950109260&partnerID=8YFLogxK

U2 - 10.1109/SAINT.2002.994451

DO - 10.1109/SAINT.2002.994451

M3 - Conference contribution

AN - SCOPUS:84950109260

SN - 0769514472

SN - 9780769514475

SP - 64

EP - 73

BT - Proceedings - 2002 Symposium on Applications and the Internet, SAINT 2002

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 28 January 2002 through 1 February 2002

ER -

Remote attack detection method in IDA: MLSI-based intrusion detection using discriminant analysis

Abstract

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this